Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-1209

Sentry does not block Hive's cross-schema table renames

    XMLWordPrintableJSON

Details

    Description

      User Pete
      has read-write access to schema A
      has read-only access to schema B

      User Pete nevertheless was able to rename/move Hive table
      from schema A to schema B (where he has read-only access):

      use A;
      alter table table_a rename to B.table_a;

      Hive allows to use rename table syntax to move tables across schemas, not just rename.

      Sentry does not check security boundaries in this case.

      Attachments

        1. SENTRY-1209.006.patch
          14 kB
          Colin
        2. SENTRY-1209.005.patch
          11 kB
          Colin
        3. SENTRY-1209.004.patch
          11 kB
          Colin
        4. SENTRY-1209.003.patch
          9 kB
          Colin
        5. SENTRY-1209.002.patch
          9 kB
          Colin
        6. SENTRY-1209.001.patch
          7 kB
          Colin

        Issue Links

          Activity

            People

              colin Colin
              Tagar Ruslan Dautkhanov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: